Static task: static1
Behavioral task: behavioral1
Sample: images.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: images.exe
Resource: win10v2004-20220414-en
General
Target: images.pdf
Size: 290KB
MD5: e28ae2f26a165ab891248f17b064f2e7
SHA1: 8ac67ed569b4675411c54ac05768eefff853854f
SHA256: 0b7eafb0e73e2bf0e0c6263824ffacbf4869f9121502264e5dc08d09183ae301
SHA512: ba26ca25af0f1a5a5d4ec9c7fa1ba64e395d4c0a44b7803399df7dd50497addaa01ebf65d691c1f0a0a87462f0216aea60b9f4a6b3bffdc7c9743dc9e667c5b6
SSDEEP: 6144:lCyhivbmvCsJY0SsBGUQIhUAZKlmRaHYEBB4HFUXL06Sh:l085JYN+DhUACEubBuHFg
Malware Config
Signatures
Files
images.pdf.exe  windows x64  MD5: 7c74df63a1dba2dccee9dead9673e4b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetLogicalDrives
GetOEMCP
GetCommandLineW
GetCurrentProcess
GetThreadErrorMode
GetSystemDefaultUILanguage
GetUserDefaultLangID
GetThreadLocale
GetUserDefaultUILanguage
GetCurrentThreadId
UnregisterApplicationRecoveryCallback
GetSystemDefaultLangID
GetACP
GetCommandLineA
GetTickCount64
GetLastError
GetThreadUILanguage
GetCurrentThread
TlsAlloc
SwitchToThread
GetErrorMode
UnregisterApplicationRestart
SetFileApisToOEM
GetEnvironmentStringsW
IsDebuggerPresent
FlushProcessWriteBuffers
GetLargePageMinimum
IsSystemResumeAutomatic
GetCurrentProcessorNumber
GetTickCount
VirtualAlloc
ExitProcess
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
AreFileApisANSI
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleHandleExW
TerminateProcess
GetModuleFileNameW
WriteFile
GetStdHandle
RtlPcToFileHeader
RaiseException
GetConsoleMode
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
user32
CreateMenu
GetProcessWindowStation
GetClipboardSequenceNumber
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
EndDialog
RegisterClassExW
LoadAcceleratorsW
LoadStringW
ShowWindow
DispatchMessageW
MessageBoxA
TranslateAcceleratorW
TranslateMessage
LoadIconW
LoadCursorW
PostQuitMessage
DialogBoxParamW
UpdateWindow
BeginPaint
EndPaint
GetMenuCheckMarkDimensions
GetDesktopWindow
SetProcessDPIAware
GetMessageExtraInfo
GetFocus
GetClipboardViewer
GetOpenClipboardWindow
GetCursor
GetShellWindow
GetActiveWindow
AnyPopup
InSendMessage
GetCapture
CloseClipboard
EmptyClipboard
CountClipboardFormats
GetKBCodePage
IsProcessDPIAware
GetForegroundWindow
GetDialogBaseUnits
GetMessageTime
IsWow64Message
DestroyCaret
gdi32
GdiFlush
shell32
InitNetworkAddressControl
ole32
CoFreeUnusedLibraries
OleUninitialize
CoUninitialize
Sections
.text Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
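The Headers and Sections entries above are decoded from three places in the PE image: the Characteristics field of the COFF header, the DllCharacteristics field of the optional header, and the Characteristics field of each section header. The Python below is an added example, not part of this report and not the code of any sandbox: it parses those fields from a constructed header-only PE32+ image that carries the same File and DLL characteristics bits as the report, expands them into the IMAGE_* names used above, and then runs the two checks a reviewer normally wants from this data, which load-time mitigations the image does not opt into and whether any section is mapped writable and executable. The .evil section in the constructed image is an assumption added only to exercise the W+X check; the report's own sections are all read-only or read-write.

```python
import struct

# Bit values from the PE/COFF specification (subset that covers the flags in the report).
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _flag_names(value, table):
    """Expand a bitmask into the IMAGE_* names a sandbox report prints, in bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Read the COFF header, DllCharacteristics and the section table of a PE image.

    Only header bytes are touched, so a header-only image is enough.
    Raises ValueError for anything that is not a well-formed PE.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, file_chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 of the optional header in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    sections = []
    for i in range(nsections):
        name, vsize, _va, raw_size, _rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": raw_size,
            "virtual_size": vsize,
            "flags": _flag_names(chars, SECTION_CHARACTERISTICS),
        })
    return {
        "bits": 64 if magic == 0x20B else 32,
        "file_characteristics": _flag_names(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flag_names(dll_chars, DLL_CHARACTERISTICS),
        "sections": sections,
    }


def mitigation_gaps(info):
    """Names of the standard load-time mitigations the image does NOT opt into."""
    want = ["IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT"]
    if info["bits"] == 64:
        want.append("IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA")
    return [f for f in want if f not in info["dll_characteristics"]]


def writable_executable_sections(info):
    """Sections mapped both writable and executable; a normal MSVC build has none."""
    return [s["name"] for s in info["sections"]
            if "IMAGE_SCN_MEM_WRITE" in s["flags"] and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]]


def build_sample_pe():
    """Constructed header-only PE32+ image (NOT the images.pdf.exe from the report).

    Carries the same File/DLL characteristics bits the report lists; the .evil
    section is an assumption added only to exercise the W+X check.
    """
    opt = bytearray(240)                                   # PE32+ optional header size
    struct.pack_into("<H", opt, 0, 0x20B)                  # Magic: PE32+
    struct.pack_into("<H", opt, 70, 0x0020 | 0x0040 | 0x0100 | 0x8000)
    sections = [  # (name, VirtualSize, SizeOfRawData, Characteristics)
        (b".text", 0x1B000, 0x1B200, 0x20 | 0x20000000 | 0x40000000),
        (b".data", 0x1C00, 0xC00, 0x40 | 0x40000000 | 0x80000000),
        (b".evil", 0x1000, 0x1000, 0x20 | 0x20000000 | 0x40000000 | 0x80000000),
    ]
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, ch)
                     for n, vs, rs, ch in sections)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x0002 | 0x0020)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))            # e_lfanew: PE header follows the DOS stub
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("File:", ", ".join(info["file_characteristics"]))
    print("DLL: ", ", ".join(info["dll_characteristics"]))
    for s in info["sections"]:
        print("%-8s raw=%6d virt=%6d %s" % (s["name"], s["raw_size"], s["virtual_size"], " ".join(s["flags"])))
    print("Missing mitigations:", mitigation_gaps(info) or "none")
    print("W+X sections:", writable_executable_sections(info) or "none")
```

Run against a real file, `parse_pe(open(path, "rb").read())` gives the same four DLL characteristics and the same section flags the report shows for this sample; the raw-versus-virtual size pair is worth keeping in view because a virtual size much larger than the raw size (as with .data here, 3KB on disk against 7KB mapped) is ordinary zero-filled data, whereas a large executable section with almost no raw data is the signature of a packer that unpacks into it at run time.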